The Securities and Exchange Commission’s Office of Compliance Inspection and Examinations and Financial Industry Regulatory Authority have delivered their annual regulatory examination priorities letters for 2018. While some priorities are new, many of the areas of focus are familiar and similar to those of prior years. Summarized below are a number of new and expanded expressed by these two regulators.
Cryptocurrency, Initial Coin Offerings and Blockchain - Both the SEC and FINRA have registered their concerns over Cryptocurrency, Initial Coin Offerings and Blockchain. FINRA is placing emphasis on the mechanisms in place to ensure that there is compliance by firms with relevant securities laws and regulations. The SEC is focusing on controls and safeguards to protect assets from theft or misappropriation, and whether financial professionals are providing investors with sufficient disclosure about risks associated with these investments.
Cybersecurity - The Commission’s emphasis is expanding from examinations focusing on cybersecurity procedures and controls to working with firms to identify cybersecurity risks and to encourage market participants to actively and effectively engage in this effort.
Fixed income order execution - The SEC will conduct examinations to assess whether broker-dealers have implemented best execution policies and procedures for both municipal and corporate bond transactions.
Fixed income data integrity – FINRA will expand examinations to include Treasury securities in reviews for complete, timely and accurate reporting of TRACE-eligible securities. This will include reviews of electronic communications with customers and potential discrepancies in the electronic communications compared to firms records or reports to TRACE.
Fraud – While fraud is always an area of concern, this year FINRA specifically mentioned insider trading, microcap pump-and-dump schemes, issuer fraud and Ponzi–type schemes.
Business Continuity Plans (“BCP”) – Due to the recent impact of natural disasters such as Hurricanes Harvey and Maria, FINRA intends to look into the adequacy of firms’ BCPs and how they address continued access to critical systems, as well as inability to access physical locations. The reviews will emphasize the implementation of BCPs, including how BCPs are activated, how BCPs classify mission-critical and secondary controls. Also under review are the processes for data backup and recovery and, where applicable, coordination with vendors.
Technology Governance - FINRA points out that some firms have experienced customer service and regulatory problems arising from operational breakdowns related to the implementation of new systems or modifications to existing proprietary or vendor systems. As such, FINRA plans to review information technology change management policies and procedures.
Securities Backed Lines of Credit - These types of transactions have risks to customers, including potential market downturns and tax ramifications of liquidating pledged securities. FINRA plans to assess whether the disclosures provided by firms to customers sufficiently describe the risks associated. Where a securities lender is an affiliate or a third party, the firm is expected to establish controls to earmark the collateral and to ensure that the collateral is not dually pledged for any other credit (e.g. satisfying margin requirements).
The regulators are maintaining their role of protecting investors and assuring that markets function effectively. It is also evident that they are taking steps to rise to the challenge of markets that are rapidly growing in complexity.